Cyber beacons: The challenges of new technologies

Information isn't just leaking, it's being broadcast over Web 2.0 mediums, reports Deb Radcliff.

After learning its SecurID authentication product had been accessed by outsiders, security vendor RSA shut down certain social media traffic for several months in 2011 as investigators tracked the origin back to an email. Information gathered to target the recipient was provided freely over social networking sites, what Branden Williams, RSA's CTO of marketing, calls “big data mining” by organized bad guys.

“When I look to where the workforce is beaconing sensitive information to criminals and malware, I look to places like Twitter and LinkedIn,” says Williams. “We're living in a world where our entire emerging workforce has grown up online and has been engineered to overshare. Big data miners have taken notice.”

Not only are employees (current and former), partners and contractors beaconing information that can be used in targeted attacks, they also spread product and other intellectual property (IP) over these and many other mediums, such as their online résumés, in blogs, email, Skype, instant and SMS messaging, through misconfigured systems, even search engines, say experts.

Unfortunately, data governance and protections are lacking across most of these channels and mediums. According to an October 2011 survey conducted by the Association of Image and Information Management (AIIM), 65 percent of respondents who had Web 2.0 collaborative environments lacked such controls.

“It used to be that all forms of public communication had to go through sign-off,” says Doug Miles, director of market intelligence for AIIM. “Social media, on the other hand, is all about openness and sharing. With one click, the user bypasses all the old controls of brand management, public relations and other approvals, and they're posting who knows what about their organizations.”

Most professionals assigned to handle blogging, Twitter and other communications on behalf of their companies go through these checkpoints. Like Williams, they also attend brand/data protection and security training. Since the SecurID breach, RSA has strengthened the social media components in every employee's information security training.
